Skip to content

Error code 5 is not consistently enforced in shift operators for shifted bits bigger than 256 #3000

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
jeshecdom opened this issue May 5, 2025 · 0 comments
Open

Error code 5 is not consistently enforced in shift operators for shifted bits bigger than 256 #3000

jeshecdom opened this issue May 5, 2025 · 0 comments
Labels
activity: found-by-fuzzing Do not add! Issues found by fuzzer by previous project. misc: func-bug Bugs in FunC compiler

Comments

@jeshecdom
Copy link
Contributor

In the following contract:

contract Test {

   receive() {}
   
   get fun getBool1(x: Int): Bool {
       return 10 < (2 << x);
   }
   
   get fun getBool2(x: Int): Bool {
       return 10 < (2 >> x);
   }
}
  • For << operator:

Calling getBool1(257) gives: Error: Unable to execute get method. Got exit_code: 4 (overflow error, meaning that it accepted the value 257 as valid). But interpreter responds with: Cannot evaluate expression to a constant: the number of bits shifted ('257') must be within [0..256] range.

Calling getBool1(7237005577332262213973186563042994240829374041602535252466099000494570602496) (i.e., getBool1(2^252)) gives: Unable to execute get method. Got exit_code: 5 (range check error). The interpreter response: Cannot evaluate expression to a constant: the number of bits shifted ('7237005577332262213973186563042994240829374041602535252466099000494570602496') must be within [0..256] range.

The above shows that << does not enforce that the shifted bits must be smaller than 257, because getBool1(257) actually attempts to compute 2 << 257 producing an overflow. Error code 5 is enforced for very big numbers only.

  • For >> operator:

Calling getBool2(257) gives: false. But interpreter responds with: Cannot evaluate expression to a constant: the number of bits shifted ('257') must be within [0..256] range.

Calling getBool2(7237005577332262213973186563042994240829374041602535252466099000494570602496) (i.e., getBool2(2^252)) gives: Unable to execute get method. Got exit_code: 5 (range check error). The interpreter response: Cannot evaluate expression to a constant: the number of bits shifted ('7237005577332262213973186563042994240829374041602535252466099000494570602496') must be within [0..256] range.

The above shows that >> does not enforce that the shifted bits must be smaller than 257, because getBool2(257) returns false. Error code 5 is enforced for very big numbers only.

These examples are different from those in issue #2997 because in the current case, FunC does not simplify the expressions in the Fift code:

$Test$_fun_getBool1 PROCREF:<{
    2 PUSHINT
    SWAP
    LSHIFT
    10 GTINT
  }>
  $Test$_fun_getBool2 PROCREF:<{
    2 PUSHINT
    SWAP
    RSHIFT
    10 GTINT
  }>
@jeshecdom jeshecdom added the activity: found-by-fuzzing Do not add! Issues found by fuzzer by previous project. label May 5, 2025
@anton-trunov anton-trunov added the misc: func-bug Bugs in FunC compiler label May 5, 2025
@i582 i582 mentioned this issue May 7, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
activity: found-by-fuzzing Do not add! Issues found by fuzzer by previous project. misc: func-bug Bugs in FunC compiler
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jeshecdom @anton-trunov